Insertion of Sensitive Information Into Sent Data
CVE-2025-59509
Summary
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-201 - Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
References
Advisory Timeline
- Published
